Site last updated: Thursday, November 14, 2024

Log In

Reset Password
MENU
Butler County's great daily newspaper

Most secretive utility is Amazon Web Services

Amazon.com Inc.’s ubiquitous cloud-computing network, the spine for a lot of digital communications and transactions across the U.S., went dark for several hours on Tuesday.

The cloud has provided bounteous advantages but also excess — a cornucopia of nice-to-haves, much of it silly. Being locked out of your home because your Ring is haywire is more serious than not being able to film visitors on the stoop, of course. Seniors unable to receive prescription drug deliveries is more problematic than being unable to stream “Free Guy.”

Even those comparisons don’t truly surface the most substantive threats to consider when digital meltdowns or significant hacks occur on vital private networks such as Amazon Web Services. AWS is the biggest cloud provider in the U.S., but outages happen with some regularity at other leading cloud services, too. Alphabet Inc.’s Google Cloud Platform has had its share of woes, as has Microsoft Corp.’s Azure service.

These cloud networks not only power the consumer indulgences that people whine about when there’s an outage, they also fuel core government and corporate work such as national security and blockbuster financial transactions. Alphabet, Amazon, Microsoft and Oracle Corp. are all jockeying to secure an important cloud contact with the Defense Department, for example.

Yet some of these same cloud services have been central to startling and sprawling nation-state hacks over the last year involving, for example, the SolarWinds Corp. Based on the limited information Amazon disclosed on its “service health dashboard” about its Tuesday outage, hackers or a denial-of-service attack were not responsible. Amazon cited a “network device issue” and said the outage was largely confined to the East Coast. That’s about as much as we know because that’s all that Amazon decided to share. That lack of transparency and disclosure is a big problem, one that Amazon has shown little interest in resolving.

Widespread use of cloud computing is here to stay, and its benefits far outweigh its disadvantages. But Amazon’s secrecy — and its unwillingness to provide greater insight into its operations — is emblematic of how much unnecessary autonomy it enjoys. Amazon doesn’t have to operate this way.

Consider Microsoft. It has been willing to share information publicly about intrusions or breakdowns so it can help form public-private alliances to insulate computer networks. It has also taken the bold step of identifying countries such as Iran, North Korea, Russia and China for their roles in orchestrating digital assaults. Amazon, on the other hand, declined to testify at congressional hearings earlier this year about the SolarWinds breach, even though hackers used Amazon’s cloud servers to stage digital assaults. Regulators shouldn’t continue allowing it to stay mum, but Washington may lack the backbone needed to be more aggressive. A defense bill moving through Congress recently shed provisions that would have required companies to report cyberattacks and ransomware payments to the federal government.

Amazon runs a sophisticated shop, and its cloud architecture sits atop an armada of separate servers with lots of redundancies and clever ways of balancing vast loads of information so breakdowns can be avoided. But it’s not foolproof.

Recent digging from Wired and the Center for Investigative Reporting examined how cavalier Amazon appears to be with the “vast empire of customer data” it manages on the retail side of its business. The reporting indicated that Amazon’s oversight “had become so sprawling, fragmented and promiscuously shared within the company that the security division couldn’t even map all of it, much less adequately defend its borders.”

Timothy L. O’Brien is a senior columnist for Bloomberg Opinion.

More in Local News

Subscribe to our Daily Newsletter

* indicates required
TODAY'S PHOTOS